Over the past few months there has been an alarming rise in the number of websites running code that silently joyrides computers and secretly makes them mine digital currency for miscreants.

The latest count suggests more than 30,000 sites are quietly running JavaScript miners on people’s PCs and handhelds – way more thanpreviously thought.

An analysis , published this month by infosec guru Troy Mursch, revealed that the vast majority of coin-mining code came from Coin Hive, the freely available JavaScript code developed to mine Monero. It appears the scripts were slipped into most, but not all, webpages covertly by hackers and other miscreants. In all, Mursch found 30,611 sites on the web running Coin Hive’s JavaScript to effectively cryptojack machines into digging up digital dosh for shady netizens.

For example, DNS provider ZoneEdit was running Coin Hive code on 324 parked web domains: on Monday this week, the biz coughed up to the sneaky inclusion and removed the code. Las Vegas ladies of the night were also mining crypto-currency on punters’ PCs. A Colombian government agency’s site was also hijacked to covertly craft coins. A parody website was even created to “warm” your MacBook as winter approaches: obviously, it was running a miner.

While a few sites chose to deliberately run Coin Hive – such as ZoneEdit and the Pirate Bay – the number of websites unwittingly running the code, inserted by persons unknown, is much higher. We’ve already seen organizations fromUFC toCBS Showtime running Coin Hive inadvertently, and this latest scan shows Papa John’s Pizza in Mexico and the US National Association of Doctors are harvesting Monero, neither of which are likely to have installed it deliberately. Papa John’s in Ecuadorwas also pwned to run Coin Hive code on its site.

In addition it appears that many of these mining operations are being run by one person. Mursch found that one “Mohammad Khezri” of Iran seems to be controlling a vast number of mining operations spread across many domains to maximize returns.

Naturally not many people are wild about contributing their power and CPU cycles to make other people money, and security software and some ad blockers actively shut down Coin Hive’s code when it is loaded into browsers. The miner’s programmers are fine with that, and have stopped developing the software in favor of AuthedMine , which asks permission before getting mining – however, the original sneaky code is still the go-to miner of choice for online crims.

“Coin Hive is not the only JavaScript miner available for cryptojacking use,” Mursch said. “Many competitors have popped up in its wake. Using PublicWWW, I found JSECoin was in a distant second place behind Coin Hive on 905 websites.”

In the meantime, Mursch has put in a request to Google engineers to add some kind of blocking code into Chrome that can block coin miners. While there’s nothing wrong with informed use of coin mining software – it is supposed to be an alternative way for webmasters to earn money besides adverts – the quickly increasing scale of the problem suggests that such blocking measures will have to be taken in browsers to curb the menace of these CPU-cycle thieves. ®